Secure communication between various devices is becoming more and more important in an increasingly networked world and represents an essential requirement for the acceptance and therefore also the economic success of the corresponding applications in many areas of application. This includes—depending on the application—various protection goals, for example, ensuring the confidentiality of the data to be transmitted, mutual authentication of the participating nodes, or securing the data integrity.
To achieve these protection goals, suitable cryptographic methods are typically used, which may generally be divided into two different categories: symmetrical methods, in which transmitter and receiver have the same cryptographic key, and asymmetrical methods, in which the transmitter encrypts the data to be transmitted using the public key (i.e., which is also possibly known to a potential attacker) of the receiver, but the decryption may only take place using the associated secret key, which is ideally only known to the legitimate receiver.
Asymmetrical methods have the disadvantage, inter alia, that they generally have a very high computational complexity. Therefore, they have only limited suitability for resource-restricted nodes, for example, sensors, actuators, etc., which typically only have a relatively low computing power and a small memory space and are to operate energy efficiently, for example, because of battery operation or the use of energy harvesting. In addition, only a limited bandwidth is often available for data transmission, which makes the exchange of asymmetrical keys, having lengths of 2048 bits or even more, unattractive.
In contrast, it must be ensured in the case of symmetrical methods that both receiver and transmitter have the same key. The associated key management generally represents a very demanding task. In the field of mobile wireless, keys are introduced with the aid of SIM cards into a mobile telephone, for example, and the associated network may then assign the unique identifier of a SIM card to the corresponding key. In the case of wireless LANs, in contrast, a manual input of the key to be used typically takes place (“pre-shared keys”, generally established by the input of a password) during the setup of a network. However, such key management rapidly becomes very complex and impractical if one has a very large number of nodes, for example, in a sensor network or other machine-to-machine communication systems. In addition, a change of the keys to be used is often possible not at all or only with very great effort.
For some time, novel approaches have therefore been studied and developed under the keyword “physical layer security,” with the aid of which keys for symmetrical methods may be generated automatically on the basis of the transmission channels between the involved nodes. Ascertaining random numbers or pseudorandom numbers from channel parameters may be inferred, for example, from WO 1996/023376 A2, and generating secret keys from channel parameters is described in WO 2006/081122 A2.
Heretofore, above all approaches have been considered and studied in the literature in which the above-described key generation takes place directly between two nodes.